Access Control
Access Control in Atlan covers identity and access management (SSO, SCIM, users, groups, roles), permissions (personas, purposes, connection access, visibility), and audit logs. Configure who can sign in, what they can see, and how their activity is tracked.
ALTR
Integrate ALTR with Atlan and import trusted ALTR classification results as governance tags.
API audit usage
Reference for the four audit surfaces Atlan exposes for API usage—asset audit search, authentication event streaming, workflow run history, and tenant log export—plus what's not available today.
Atlan AI security
Security and compliance information for Atlan AI, including AI architecture, data handling, encryption, model management, and compliance frameworks.
Atlan architecture
Understand the Atlan architecture: platform components, management components, and central services across AWS, Azure, and GCP deployments.
Atlan MCP security
How the Atlan MCP server handles authentication, authorization, data handling, tool controls, logging, and network security—with no shared state between tenants and no data sent to LLMs.
BigID
Integrate with BigID and enrich assets in Atlan with BigID-discovered privacy metadata.
Cloud logging and monitoring
Learn about Atlan's cloud logging and monitoring, exported in the OpenTelemetry Protocol (OTLP) specification for SIEM integration and security monitoring.
Compliance standards and assessments
Learn about compliance standards and assessments.
Configure network security
Configure firewall rules and network policies to secure communication between Self-Deployed Runtime and Atlan services
Configure session timeouts
Set how long an Atlan session stays valid before it expires. Configure idle timeout, max timeout, and Remember Me settings for all users in the workspace.
Cross-region private network connectivity
Learn how Atlan supports private network connectivity to data sources in different AWS regions and across cloud providers.
Customer environment security
Customer environment security best practices for deploying and operating Self-Deployed Runtime
Cyera
Integrate with Cyera and enrich assets in Atlan with Cyera-discovered data classification metadata.
Deployment and security
Frequently asked questions about Self-Deployed Runtime deployment and security
Deployment architecture
The Atlan Secure Agent is a Kubernetes-based application that runs within a customer's environment. It acts as a gateway between the single-tenant Atlan SaaS and external systems like Snowflake, Tableau, and other data sources. This document explains the Secure Agent's deployment architecture, key components, communication flows, and security considerations.
Enable event logs in AWS
Configure S3 bucket replication to receive IAM service event logs from Atlan
Enable event logs in Azure
Configure object replication to sync IAM service event logs to your Azure Storage
Enable event logs in GCP
Configure Logs Router to sync IAM service event logs from Atlan's Log Explorer to your GCP destination
Encryption and key management
Learn about encryption and key management.
How Atlan connects to ALTR
Understand how Atlan securely connects to ALTR and imports classification metadata.
How Atlan connects to Hive
Understand how Atlan securely connects to your Hive database to extract metadata, with support for multiple authentication methods and deployment modes.
How Atlan connects to PostgreSQL
Understand how Atlan securely connects to your PostgreSQL database to extract metadata, with support for multiple authentication methods and deployment modes
Immuta
Configure Immuta access request links on Atlan assets and request data access or masking exceptions directly from asset profiles.
Import ALTR classification metadata
Configure and run the Atlan ALTR workflow to import ALTR classification results into Atlan.
Incident response plan
Learn about the incident response plan.
Infrastructure security
Learn about infrastructure security.
Install on AWS EKS
This guide provides step-by-step instructions to install the Secure Agent on an Amazon Elastic Kubernetes Service (AWS EKS) cluster.
Integrate Immuta
Configure the Immuta workflow in Atlan to enrich data assets with Immuta access request links and column masking exception requests.
Manage credentials
Understand how Atlan manages authentication data throughout the application lifecycle using GUID references and secure storage.
OAuth clients
Use OAuth 2.0 Client Credentials flow for short-lived access tokens in machine-to-machine integrations
PrivateLink connectivity
Understand how AWS PrivateLink ensures all metadata traffic between Atlan and AWS SageMaker Unified Studio stays within the AWS private network.
Roles and permissions
Explanation of Snowflake's security model and role requirements for data quality operations.
Secure Agent
The Atlan Secure Agent is a lightweight, Kubernetes-based application that enables secure metadata extraction. It connects internal systems with Atlan SaaS while keeping sensitive data protected and doesn’t require inbound connectivity. Running within an organization’s controlled environment, the Secure Agent ensures compliance with security policies and automates metadata processing.
Security
Frequently asked questions about security controls and access protections for Lakehouse.
Security
Security overview and controls for Self-Deployed Runtime
Security
Frequently asked questions about security controls and permissions for the Atlan browser extension.
Security and Compliance
Security and compliance requirements for apps in the Atlan App Marketplace.
Security for embedded apps
Common security questions when embedding your app in Atlan: authentication, tokens, and CSP.
Security monitoring
Learn about security monitoring.
Set up ALTR
Prepare your ALTR environment and generate API credentials for Atlan integration.
Set up customer managed keys
Learn how to set up customer managed keys to protect the secrets and credentials stored in Atlan.
Set up Hive
Configure permissions and authentication for Hive to enable metadata extraction in Atlan.
Set up on-premises Databricks lineage extraction
The Docker-based databricks-extractor offline tool has been sunset. For on-premises or network-restricted Databricks lineage extraction, use Self-Deployed Runtime, Secure Agent, or direct connectivity via private link.
Troubleshooting Hive connectivity
Resolve common Hive connection issues including authentication failures, Kerberos errors, TLS/mTLS certificate problems, and network connectivity issues.
Troubleshooting Salesforce connectivity
Learn about troubleshooting Salesforce connectivity.
Troubleshooting ServiceNow
Why is the security_admin role required to complete the ServiceNow integration?
Verify container images
Verify the authenticity and integrity of Self-Deployed Runtime container images with Cosign
What data does Atlan store with the Microsoft Teams integration?
Learn what data Atlan stores, what it doesn't access, and how the Microsoft Teams integration handles security and privacy.
What does Atlan import from ALTR?
Learn what ALTR metadata Atlan imports and how it's mapped to Atlan assets.
What does Atlan import from Immuta?
Learn what Atlan enriches from Immuta and how it surfaces on asset profiles.